Cloud One Workload Security and Deep Security Center
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache OpenMeetings
1008267 - Apache OpenMeetings ZIP File Path Traversal Vulnerability (CVE-2016-0784)
DCERPC Services
1008432 - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0267)
1008468 - Microsoft Windows SMBv1 Information Disclosure Vulnerability (CVE-2017-0271)
Unix Samba
1008420* - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)
Web Application Common
1008383 - ImageMagick Heap Buffer Overflow Vulnerability (CVE-2016-9556)
1008388 - ImageMagick Use After Free Denial Of Service Vulnerability (CVE-2016-7906)
Web Application Tomcat
1006107* - Apache Tomcat Chunk Request Remote Denial Of Service Vulnerability
Web Client Common
1008304* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 2
1008406 - Adobe Reader DC Graphics State Dictionary Double Free Remote Code Execution Vulnerability (CVE-2016-1111)
1008400 - Foxit Reader ConvertToPDF TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
1008403 - Foxit Reader ExportData Restrictions Bypass Remote Code Execution Vulnerability
1008402 - Foxit Reader FlateDecode Use-After-Free Remote Code Execution Vulnerability
1008405 - Foxit Reader JPEG Parsing Out Of Bounds Read Information Disclosure Vulnerability
1008413 - Foxit Reader JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
1008395 - Foxit Reader JPEG2000 Parsing Out Of Bounds Write Remote Code Execution Vulnerability
1008396 - Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
1008414 - Foxit Reader Pattern Uninitialized Pointer Remote Code Execution Vulnerability
1008386 - Foxit Reader TIFF Parsing Out Of Bounds Write Remote Code Execution Vulnerability
1008384 - ImageMagick Heap Buffer Overflow Vulnerability (CVE-2016-9556) - 1
1008389 - ImageMagick Use After Free Denial Of Service Vulnerability (CVE-2016-7906) - 1
1008381 - Microsoft Windows Media Format ASF Parsing Vulnerability (CVE-2006-4702)
Web Client Internet Explorer/Edge
1008399 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0093)
1008209* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0130)
1008374 - Microsoft XML Memory Corruption Vulnerability (CVE-2007-0099)
Integrity Monitoring Rules:
1002770* - Unix - File Attributes Changes In /usr/bin And /usr/sbin Locations
1008464 - Unix - File Attributes Changes In /usr/etc, /usr/lib, /usr/lib64, /usr/libexec And /usr/local Locations
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1008332* - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Database MySQL
1008330* - MySQL Denial Of Service Vulnerability (CVE-2017-3599)
HP Intelligent Management Center (IMC)
1008329* - HP Intelligent Management Center RedirectServlet 'parafile' Directory Traversal Vulnerability
1008379 - HP Intelligent Management Center Service Information Disclosure Vulnerability (CVE-2017-5797)
1008296* - HP Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Stack Buffer Overflow Vulnerability (CVE-2017-1274)
OpenSSL
1008270* - OpenSSL ChaCha20/Poly1305 Cipher Suite Heap Buffer Overflow Vulnerability (CVE-2016-7054)
Unix RPC Services
1008371* - rpcbind Remote Denial Of Service Vulnerability (CVE-2017-8779)
Web Application PHP Based
1008391* - PHPMailer Remote Code Execution Vulnerability
1008411* - WordPress Tracking Code Manager Plugin Denial Of Service Vulnerability
Web Client Common
1008456 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-17)
1008462 - Google Chrome V8 Private Property Arbitrary Code Execution Vulnerability (CVE-2016-9651)
1008460 - Microsoft Windows Graphics Information Disclosure Vulnerability (CVE-2017-8532)
1008461 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285)
1008458 - VideoLAN VLC Heap Based Buffer Overflow Vulnerability (CVE-2017-8311)
Web Server Oracle
1008378 - Oracle WebLogic Server Untrusted Data Deserialization Vulnerability (CVE-2017-3248)
Web Server Squid
1005303* - Squid 'cachemgr.cgi' Remote Denial Of Service Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008445 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
Suspicious Client Ransomware Activity
1008457 - Ransomware Erebus
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Microsoft Office
1008441 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509)
1008442 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8510)
Web Application Common
1008427 - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346) - 1
Web Client Common
1008428 - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346)
1008434 - Microsoft Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0215)
1008435 - Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464)
1008448 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (June-2017)
Web Client Internet Explorer/Edge
1008439 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8496)
1008440 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8497)
1008444 - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2017-8529)
1008443 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8524)
1008446 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8547)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1003835* - Web Server - Microsoft IIS Server Security - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008422 - Detected SMBv1 Request
DCERPC Services - Client
1008423 - Detected SMBv1 Response
Database MySQL
1008330 - MySQL Denial Of Service Vulnerability (CVE-2017-3599)
HP Intelligent Management Center (IMC)
1008329 - HP Intelligent Management Center RedirectServlet 'parafile' Directory Traversal Vulnerability
OpenSSL
1008270 - OpenSSL ChaCha20/Poly1305 Cipher Suite Heap Buffer Overflow Vulnerability (CVE-2016-7054)
Unix Samba
1008420* - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)
Web Application Common
1008318* - CPanel Cgiemail And Cgiecho Format String Vulnerability (CVE-2017-5613)
Web Application PHP Based
1008411 - WordPress Tracking Code Manager Plugin Denial Of Service Vulnerability
Web Proxy Squid
1008111 - Squid HTTP Response Denial Of Service Vulnerability
Web Server Common
1008397 - Identified Directory Traversal Attack In HTTP Request Headers
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008390 - FTP Server - CompleteFTP - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP Intelligent Management Center (IMC)
1008296 - HP Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
Microsoft Office
1004853* - Identified Suspicious Microsoft Office Files With Embedded Font
Suspicious Client Ransomware Activity
1007534* - Ransomware Crydap
1007709* - Ransomware MadLocker
1007706* - Ransomware Network Traffic - 3
Unix Samba
1008420* - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)
Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication
Web Application PHP Based
1008391 - PHPMailer Remote Code Execution Vulnerability
Web Client Common
1008049* - ImageMagick Out Of Bounds Array Indexing Denial Of Service Vulnerability (CVE-2016-7799) - 1
Web Client Internet Explorer/Edge
1008216* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)
Web Server MDaemon Web Mail
1008311* - MDaemon WorldClient Remote Code Execution Vulnerability
Web Server Oracle
1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094* - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008420 - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
Intel AMT
1008369* - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Microsoft Office
1008375 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262)
Unix RPC Services
1008371 - rpcbind Remote Denial Of Service Vulnerability (CVE-2017-8779)
Web Client Common
1008185* - Identified Suspicious Obfuscated PDF Document
1008253* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)
Web Client Internet Explorer/Edge
1008291* - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208)
1008209* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0130)
1008173* - Microsoft XML Core Service Information Disclosure Vulnerability (CVE-2017-0022)
Web Server Common
1000473* - Parameter Name Length Restriction
Integrity Monitoring Rules:
1008385* - Ransomware - WannaCry
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
1008179 - Restrict File Extensions For Rename Activity Over Network Share
DCERPC Services - Client
1008328* - Identified Client Suspicious SMB Session
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
HP Intelligent Management Center (IMC)
1008299* - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability
Intel AMT
1008369* - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
NNTP Client Microsoft Outlook Express
1000780* - Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
Sun Solaris RPC Services
1008314* - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)
Web Application Common
1008261* - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)
Web Application PHP Based
1008322* - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
Web Client Common
1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
1008376 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-15)
Web Server MDaemon Web Mail
1008311 - MDaemon WorldClient Remote Code Execution Vulnerability
Web Server Squid
1005303* - Squid 'cachemgr.cgi' Remote Denial Of Service Vulnerability
Integrity Monitoring Rules:
1008385 - Ransomware - WannaCry
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1008332* - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.